raboof / nethogs Goto Github PK
View Code? Open in Web Editor NEWLinux 'net top' tool
License: GNU General Public License v2.0
Linux 'net top' tool
License: GNU General Public License v2.0
Would you like to wrap any pointer data members with the template class "std::unique_ptr"?
Update candidate: Connection
Getting an immediate crash in Gentoo Base System release 2.2 when trying to run nethogs eth1
Output below:
NetHogs version 0.8.0
PID USER PROGRAM DEV SENT RECEIVED
? root unknown TCP 0.000 0.000 KB/sec
TOTAL 0.000 0.000 KB/sec
nethogs: cui.cpp:416: void do_refresh(): Assertion `pwuid != __null' failed.
Couldn't open dir /proc/3913/fd: No such file or directory
Couldn't open dir /proc/3914/fd: No such file or directory
Couldn't open dir /proc/3915/fd: No such file or directory
Couldn't open dir /proc/3916/fd: No such file or directory
Couldn't open dir /proc/3917/fd: No such file or directory
Aborted (core dumped)
ifconfig eth1 output (IP changed for security purposes):
eth1 Link encap:Ethernet HWaddr 0c:c4:7a:33:7b:df
inet addr:67.200.11.11 Bcast:67.200.11.16 Mask:255.255.255.248
inet6 addr: fe80::ec4:7aff:fe33:7bdf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:468870682 errors:0 dropped:0 overruns:0 frame:0
TX packets:456776708 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:104799289139 (97.6 GiB) TX bytes:109684950287 (102.1 GiB)
Memory:f7300000-f7380000
make
g++ -Wall -Wextra -c process.cpp
process.cpp:26:21: fatal error: ncurses.h: Datei oder Verzeichnis nicht gefunden
#include <ncurses.h>
^
compilation terminated.
Makefile:65: recipe for target 'process.o' failed
make: *** [process.o] Error 1
sudo apt-get install libncurses5-dev
solved this for me on raspbian jessie.
When I do ./nethogs eth0
and the handler for eth0 cannot be opened, I'd like to bail out with an error instead of showing a window without any traffic.
I suppose the condition should be: when no handlers could be opened, show an error, otherwise continue with the handlers that could be opened?
I would like to point out that identifiers like "__CONNECTION_H
" and "__INODE2PROG_h
" do not fit to the expected naming convention of the C++ language standard.
Would you like to adjust your selection for unique names?
Hi,
I found that trace mode, against what I'd have expected, 'forgets' about past processes/programs that become inactive. Real production output:
nethogs -t eth0 -d 300 -v 3
Refreshing:
java/868/1000 4.4044 1.32513
chromium-browser/6455/1000 0.0257711 0.0216389
unknown TCP/0/0 0 0
Refreshing:
java/868/1000 4.5485 1.36938
unknown TCP/0/0 0 0
In the second 'round', chromium-browser disappeared, because consumption was too low. I don't think that makes sense for a process which runs forever, and sums results (note the -v 3
flag).
Imagine that 1 hour later, chromium-browser becomes active again. Would then past chromium-browser results be forgotten (excluded from the sum)? That'd be quite buggy imo!
Cheers - Victor
Hello
I had to add #niclude <stdio.h>
in src/packet.h
to get it to compile, there were errors like this:
packet.cpp:71:71: error: 'printf' was not declared in this scope
printf("Adding local address: %s\n", inet_ntoa(addr->sin_addr));
^
packet.cpp:79:73: error: 'printf' was not declared in this scope
inet_ntop(AF_INET6, &addr->sin6_addr, host, sizeof(host)));
^
packet.cpp: In member function 'char* Packet::gethashstring()':
packet.cpp:274:55: error: 'snprintf' was not declared in this scope
local_string, sport, remote_string, dport);
Could you create a release so we can have a "latest" version available?
I reckon existing releases are tags automagically converted as releases.
Github now provides a "Latest release" button on the release page of a project, after you have created your first release.
just got the following:
root# nethogs ext0
Ethernet link detected
Waiting for first packet to arrive (see sourceforge.net bug 1019381)
? root unknown TCP 0.000 0.000 KB/sec
TOTAL 13.435 220.736 KB/sec
Couldn't open dir /proc/329478/fd: No such file or directory
Couldn't open dir /proc/329483/fd: No such file or directory
Couldn't open dir /proc/329488/fd: No such file or directory
Couldn't open dir /proc/329491/fd: No such file or directory
Couldn't open dir /proc/329492/fd: No such file or directory
Couldn't open dir /proc/329525/fd: No such file or directory
Couldn't open dir /proc/329532/fd: No such file or directory
Couldn't open dir /proc/329535/fd: No such file or directory
Couldn't open dir /proc/329541/fd: No such file or directory
Couldn't open dir /proc/329562/fd: No such file or directory
Couldn't open dir /proc/329563/fd: No such file or directory
Couldn't open dir /proc/329564/fd: No such file or directory
Couldn't open dir /proc/329731/fd: No such file or directory
Couldn't open dir /proc/329732/fd: No such file or directory
Couldn't open dir /proc/329733/fd: No such file or directory
Couldn't open dir /proc/329737/fd: No such file or directory
Couldn't open dir /proc/329738/fd: No such file or directory
Couldn't open dir /proc/329759/fd: No such file or directory
Couldn't open dir /proc/329692/fd: No such file or directory
Couldn't open dir /proc/329693/fd: No such file or directory
Couldn't open dir /proc/329694/fd: No such file or directory
Couldn't open dir /proc/329821/fd: No such file or directory
Couldn't open dir /proc/329822/fd: No such file or directory
Couldn't open dir /proc/329830/fd: No such file or directory
Couldn't open dir /proc/329832/fd: No such file or directory
Couldn't open dir /proc/329845/fd: No such file or directory
Couldn't open dir /proc/329846/fd: No such file or directory
Couldn't open dir /proc/329934/fd: No such file or directory
Couldn't open dir /proc/329961/fd: No such file or directory
Couldn't open dir /proc/330087/fd: No such file or directory
Couldn't open dir /proc/330088/fd: No such file or directory
Couldn't open dir /proc/330176/fd: No such file or directory
Couldn't open dir /proc/330247/fd: No such file or directory
Couldn't open dir /proc/330249/fd: No such file or directory
Couldn't open dir /proc/330251/fd: No such file or directory
Couldn't open dir /proc/330260/fd: No such file or directory
Couldn't open dir /proc/330270/fd: No such file or directory
Couldn't open dir /proc/330348/fd: No such file or directory
nethogs: cui.cpp:80: void Line::show(int, unsigned int): Assertion `m_pid <= 100000' failed.
Aborted
Number of PID's is freely configurable. On my box:
root# cat /proc/sys/kernel/pid_max
514055
An extra null pointer check is not needed in functions like the following.
Nethogs resetted "received" counter 2 times during 30 minutes run.
Counters numbers were about 3-4Gb in Megabytes view before resets.
Use Case:
I want to use nethogs command inside bash script to capture process traffic flow not interactive mode, so it better to have a -b
option like top.
I compiled nethogs from source. It works but the output is messed up if the user name is long. Here i have a user name in the form of [email protected] (Active Directory user).
Here is the line with a process called iceweasel:
2957 abcdef.abiceweaseldefg.abcd br0 2.913 13.272 KB/sec
Notice that the first 9 letters are followed by the program name then followed by some other letters from the user name.
When there are multiple instances of a process running, it would be much more helpful to if nethogs could show the arguments to all processes.
Seeing PR #56, It's unfortunate that the changed code is also similarly used in libnethogs.cpp
May be we can start thinking about changing the app to statically link to libnethogs.
This will provide better code separation and avoid any code duplication.
The only downside is that some regression testing would be needed.
@raboof I am planning to build a tool similar to nethogs but it will GUI tool instead of command line. Can you point me in the right direction?
Like
can I build this on top of nethogs?
if not how are you collecting the bandwidth info for the process?
Thank you in advance.
Hello,
We spotted nethogs and were hoping to use it to help drive out some benchmarks on the per-process network usage in our tooling (https://github.com/rackhd/), which is set up as a distributed system.
I am using nethogs in tracemode and monitor my traffic on a specific port (I would love to do per-process monitor but per #31, I am not yet able to do that). I would store the output, parse it, and plot it into a charter for later analysis. I would like to have one log item each second so that not to leave a time hole in the log file.
The problem is that, nethogs will stop to print any log files, after the traffic has been silent for 50 seconds. Resuming traffic after that will not make it print any further output.
Dug a little bit into the source, I think this is because CONNTIMEOUT is set to 50. I guess there is a reason to set a timeout, but maybe we can provide command line option to disable the timeout, so that I can get constant logs, even when the traffic is not constant.
How do you think?
Hey there,
I run nethogs via upstart, e.g. it is supposed to be permanently running (and logging the output to files which I later analyse).
I run it with the -t
and -v 3
options.
It'd be tremendously useful if the output said for how long has the nethogs process been running in total. That way I can identify each 'run' instantly, allowing me to discard 99% of the logs.
Current behavior
Refreshing:
/usr/bin/ssh/21045/1000 0.000234604 0.00025177
unknown TCP/0/0 0 0
Refreshing:
/usr/bin/ssh/21045/1000 0.000234604 0.00025177
unknown TCP/0/0 0 0
Desired behavior
nethogs started at 1459185766, and it has been running for 180 seconds now.
Refreshing:
/usr/bin/ssh/21045/1000 0.000234604 0.00025177
unknown TCP/0/0 0 0
nethogs started at 1459185766, and it has been running for 240 seconds now.
Refreshing:
/usr/bin/ssh/21045/1000 0.000234604 0.00025177
unknown TCP/0/0 0 0
Could you please implement this? Sounds easy :)
Surely this feature would be better added as an opt-in feature, disabled by default.
Cheers - Victor
Refresh the page after a certain timeout even when there's no packets coming in
I maintain nethogs in Fedora and EPEL and looking at the "official" site http://nethogs.sourceforge.net/, I don't see it is obvious that nethogs has moved to github. I thought the program hadn't been updated in a few years to be honest.
Is is safe to assume that this is the new canical source? And if yes, is 0.8.2 the latest stable version?
I intend to update the package in Fedora soon.
Thank you.
The link to Opensuse RPMs at "http://raboof.github.io/nethogs/#download" is broken,
you could use "https://software.opensuse.org/package/nethogs" instead.
It doesn't make sense to have both a homepage and a README.
Let's improve the README and then replace the homepage with a link to the README ;)
Exactly which packages need to be installed to compile nethogs on yum-based distro's?
Hello
Instead of running nethogs as root it is possible to give it packet capture capatibilities:
setcap cap_net_raw,cap_net_admin=eip src/nethogs
and then you can run it as your regular user. safer!
What do you think about adding notes about this to the readme?
once 'gotcha' about this is if you move the binary from one place to another it will lose the capability. So it should be done after install.
When the last app using the network is closed. the bandwidth-per-second meters are not reset to zero but keep the last values before the last network app is closed...
Those should be real time and therefore reset to zero when no app is using the network.
Suggested fix:
in the dp_dispatch
loop inmain.cpp
add the follwoing if retval == 0
gettimeofday(&curtime, NULL);
This will fix the the bandwidth calculation functions.
I'm running version 0.8.1-SNAPSHOT compiled from https://github.com/raboof/nethogs/tree/580c4120994e0e815b01a3141ed1af0bbe841357
In CoreOS, running Fedora 21 in a systemd-nspawn
container. CoreOS has a toolbox
command that I use to get this container, and it's invocation is:
sudo systemd-nspawn --directory=/var/lib/toolbox/andy-fedora-latest --capability=all --share-system --bind=/:/media/root --bind=/usr:/media/root/usr --user=root
Then in the container, cloning the above revision and running it:
cd /usr/src/
yum install -yt git libpcap libpcap-devel ncurses-devel make gcc-c++
git clone https://github.com/raboof/nethogs.git && cd nethogs-docker
make && make install && mv nethogs /usr/sbin/nethogs
nethogs docker0
That gives me something like this:
NetHogs version 0.8.1-SNAPSHOT
PID USER PROGRAM DEV SENT RECEIVED
? root 172.17.0.23:34010-54.75.248.132:443 0.000 47.448 KB/sec
? root 82.35.252.48:37098-172.17.0.6:80 0.000 4.062 KB/sec
? root 172.17.0.23:46294-93.184.220.20:443 0.000 3.020 KB/sec
? root 172.17.0.6:80-82.35.252.48:37084 0.000 2.353 KB/sec
? root 172.17.0.23:34012-54.75.248.132:443 0.000 1.979 KB/sec
? root 54.75.248.132:443-172.17.0.23:34010 0.000 1.063 KB/sec
? root 93.184.220.20:443-172.17.0.23:46294 0.000 0.317 KB/sec
? root 82.35.252.48:37090-172.17.0.6:80 0.000 0.212 KB/sec
? root 82.35.252.48:37091-172.17.0.6:80 0.000 0.150 KB/sec
? root 50.16.210.240:80-172.17.0.25:46092 0.000 0.113 KB/sec
? root 82.35.252.48:37084-172.17.0.6:80 0.000 0.109 KB/sec
? root 83.223.124.6:80-172.17.0.27:39394 0.000 0.029 KB/sec
? root 172.17.0.25:46092-50.16.210.240:80 0.000 0.027 KB/sec
? root 82.35.252.48:37085-172.17.0.6:80 0.000 0.027 KB/sec
? root 82.35.252.48:37097-172.17.0.6:80 0.000 0.014 KB/sec
? root 82.35.252.48:37093-172.17.0.6:80 0.000 0.014 KB/sec
? root 82.35.252.48:37094-172.17.0.6:80 0.000 0.014 KB/sec
? root 82.35.252.48:37092-172.17.0.6:80 0.000 0.014 KB/sec
? root 82.35.252.48:37086-172.17.0.6:80 0.000 0.014 KB/sec
? root 82.35.252.48:37089-172.17.0.6:80 0.000 0.014 KB/sec
? root 82.35.252.48:37087-172.17.0.6:80 0.000 0.014 KB/sec
? root 82.35.252.48:37088-172.17.0.6:80 0.000 0.014 KB/sec
? root unknown TCP 0.000 0.000 KB/sec
TOTAL 0.000 61.026 KB/sec
which is fantastic! However the "sent" column never shows any value except for 0.000
.
I realise this is a fairly non-standard use case, and would be happy to provide more debug if you require it.
Another observation: under load (so many HTTP requests) I see Couldn't open dir /proc/30103/fd: No such file or directory
underneath nethog's final line, similar to this:
? root 172.17.0.6:80-74.86.158.106:32735 0.000 2.318 KB/sec
? root 173.194.45.52:80-172.17.0.27:53425 0.000 1.262 KB/sec
? root 172.17.0.27:60405-173.194.45.43:80 0.000 0.948 KB/sec
? root 172.17.0.27:50909-74.125.206.95:443 0.000 0.863 KB/sec
? root 172.17.0.27:53432-173.194.45.52:80 0.000 0.861 KB/sec
? root 172.17.0.23:42521-162.159.249.89:443 0.000 0.817 KB/sec
TOTAL 0.000 571.690 Couldn't open dir /proc/30103/fd: No such file or directory
Couldn't open dir /proc/30104/fd: No such file or directory
Couldn't open dir /proc/30105/fd: No such file or directory
Couldn't open dir /proc/30097/fd: No such file or directory
Couldn't open dir /proc/30137/fd: No such file or directory
Couldn't open dir /proc/30143/fd: No such file or directory
Couldn't open dir /proc/30141/fd: No such file or directory
Couldn't open dir /proc/30169/fd: No such file or directory
Couldn't open dir /proc/30170/fd: No such file or directory
Couldn't open dir /proc/30186/fd: No such file or directory
Couldn't open dir /proc/29529/fd: No such file or directory
There's also a question of PIDs - systemd-nspawn's --share-system
option does not create a new PID namespace, so the container can see other PIDs running on the system. If you'd like me to file a bug for that, I will.
Thanks!
I'm running ubuntu 14.04. I installed the pre-requisites and ran make successfully (can run nethogs from the src directory). But when I run sudo make install I get an error. Here is my output:
kahrens@lrevo:~/dev/nethogs$ sudo make install
make -C src -f MakeApp.mk install
make[1]: Entering directory `/home/kahrens/dev/nethogs/src'
make[1]: *** No rule to make target `nethogs.8', needed by `install'. Stop.
make[1]: Leaving directory `/home/kahrens/dev/nethogs/src'
make: *** [install] Error 2
I looked inside MakeApp.mk and it does reference nethogs.8. Where does that get built?
From the README, it is not clear whether one can build the project from master
and expect it to be stable.
Cheers - Victor
Hi,
how can I use this on my Synology NAS?
Cheers
xxx ~/nethogs $ sudo ./tmp/usr/local/sbin/nethogs -b
Adding local address: 211.*.*.*
Adding local address: fe800000000000000****afffe04b46f
Ethernet link detected
Adding local address: 192.168.1.111
Adding local address: fe800000000000000****afffe04b46e
Ethernet link detected
Waiting for first packet to arrive (see sourceforge.net bug 1019381)
? new connection not in connection-to-inode table before refresh.
it just hang...
Ubuntu 16.04.
nethogs not working after updating kernel to 4.4.0-2
Tested with iperf between two hosts, nethogs reports 2 MBps while iperf reports 10+ MBps.
during normal use, I occasionally see numerous messages such as
"Couldn't open dir /proc/329821/fd: No such file or directory", without line break,
which make the whole nethogs window almost unreadable.
It would be great if these unhelpful messages could be suppressed.
I expect that exception handling is usually supported by a C++ program. I wonder why your function "main" does not contain corresponding try and catch instructions so far.
How do you think about recommendations by Matthew Wilson in an article?
Would you like to adjust the implementation if you consider effects for uncaught/unhandled exceptions like they are described by Danny Kalev?
Hey there,
I'm thinking of an option which would be complimentary to the -t
option. It would cause all output to be json-formatted. This would make log analysis much easier and robust.
Current output
Waiting for first packet to arrive (see sourceforge.net bug 1019381)
Refreshing:
java/868/1000 0.146554 0.0448284
/usr/bin/ssh/21045/1000 0.0239792 0.0107651
Refreshing:
java/868/1000 0.146554 0.0448284
/usr/bin/ssh/21045/1000 0.0239792 0.0107651
Desired alternative output
[
{process: "/usr/bin/ssh", pid: 21045, uid: 1000, rx: 0.0239792, tx: 0.0107651},
{process: "java", pid: 21049, uid: 1000, rx: 0.0239792, tx: 0.0107651}
]
[
{process: "/usr/bin/ssh", pid: 21045, uid: 1000, rx: 0.0239792, tx: 0.0107651},
{process: "java", pid: 21049, uid: 1000, rx: 0.0239792, tx: 0.0107651}
]
(note that the "Waiting" and "Refreshing" lines should be excluded)
Each json object should consist of one line (however long), so logrotate doesn't ever truncate objects. I don't think these lines should end in a comma: each line should represent a syntactically correct, independent object.
Hopefully you are willing to add this to the codebase. With the adequate library it should be easy. From my side I can offer a BountySource tip - I understand that I can't ask you to work for free!
Cheers - Victor
It would be helpful if the user was included in trace mode.
I'm about to investigate if I can do it but figured the idea should be jotted down either way.
I guess a more complete way to do it would be to take arguments. That would be better because of backwards compatibility.
I suggest to reuse a higher level build system than your current small make file so that powerful checks for software features will become easier.
We establish the process-to-connection (or, more accurately, process-to-inode) mapping based on /proc/<pid>/fd
on Linux.
Does OSX have something similar?
Edit: here is the repository
Hey there I am currently making a gui app using nethogs at the backend. The idea is to run a light server and use a webview for the desktop app. This way output can also be viewed from the network on a different machine. here are some screenshots
The per process graph can also be seen by selecting the process from the list
The app is still in very early stages and not released yet but some input would be appreciated.
I am using the nethogs trace mode as data source but the data is not clean as I would like (long process path/ IP adresses etc.) I would appreciate if trace mode listed pid, user device as well, more preferably in a JSON format such that any future changes/additions do not break dependent apps(currently I am parsing output line by line column-wise).
As discussed in passing here and the few comments after it, there seems to an interest in getting back to and maintaining a consistent style. I think clang-format would be the easiest way to do this since it would allow:
make
task to reformat all of the source code.make format
that would just affect a ton of stuff)make format
before pull requesting.If you're interested in this approach, I can easily put together a config for clang-format and a make
task. I just need to know what the desired style is.
Nethogs currently does not work reliably when the interface you're monitoring has multiple IP addresses.
There is a bug in this snippet from inodeprog.cpp:
int length = read (fd, buffer, bufsize); //This should be bufsize - 1
// ...
if (length < bufsize - 1)
buffer[length]='\0';
In cases where the cmdline is >= bufsize
characters, read
has been told to read at most bufsize
characters. The problem is that the bufsize
is the size of the buffer, leaving no room for the terminating null character. From what I've seen, this results in garbage for the program name, but it could also theoretically result in a crash.
Easy way to recreate:
ln -s $(which curl) this_is_a_rediculously_long_name_like_seriously_absurdly_long_but_usually_args_would_push_the_80_limit
./this_is_a_rediculously_long_name_like_seriously_absurdly_long_but_usually_args_would_push_the_80_limit http://example.com/
I have a low-end laptop with limited CPU and nethogs causes a constant 4 to 5 % CPU usage.
I found that this is caused by the the very short sleep time in the main loop
if (!packets_read)
{
usleep(100);
}
I did some attempts and noticed that increasing the sleep time to few milliseconds fixes the issue with no side effects.
I'm having the issue described in #9, and if possible would like to stick to package manager to manage nethogs installation.
So, are you aware of a PPA
repository for Ubuntu-based distribution?
It would be nice if the data in nethogs could be navigated through a GUI.
This issue exists to track ideas/progress on different approaches to do this.
Morning,
We spotted nethogs and were hoping to use it to help drive out some benchmarks on the per-process network usage in our tooling (https://github.com/rackhd/), which is set up as a distributed system. We took a quick look at how we might hack something together with this tool, but the escape codes to do the ANSI TERM visual pieces add a lot of noise into the output.
Any suggestions - a command-line option we missed or something - using Nethogs or even some other tool to accomplish this kind of goal?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.